General

  • Target: 3d3bdb62d964dd7599b2e5a48a79a1d6.bin
  • Size: 2.2MB
  • Sample: 240415-bg49nsdb9w
  • MD5: c9112c0d8618f24a0f63b983c1578cc3
  • SHA1: 4191defe9fae24a125dcbd0ecdf62eaf5ef2d226
  • SHA256: 5261a4157fe8306e44b6a8204a0ec9971bb1a27cbeb5c384398b8d6a678da3c0
  • SHA512: 56a31605502f86054e5a3fd4f31e56a7c95532ce329d02b4be0122e9a824044120546c42e35950456a4a8c87cb61c91b8cc210b8c3f9af5657b35b900f22e062
  • SSDEEP: 49152:5P0vXHcfdnYNfb1EDUiXnEZoqQxm/29IYlGhMz61tkfnh:uX8fdueDUiXnYClGhMz4tkp

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target: a0ef2b6290c1ea34de86e628bb7d492808fe06acea5055faaaa7ba4ff88ca398.exe
    • Size: 2.2MB
    • MD5: 3d3bdb62d964dd7599b2e5a48a79a1d6
    • SHA1: 0974dcaf226218fd933dd42d3045c600195bc942
    • SHA256: a0ef2b6290c1ea34de86e628bb7d492808fe06acea5055faaaa7ba4ff88ca398
    • SHA512: 130f023b7a8a2af9826a0384d061c76972decf9670b8af3aed4224a86f506ec8beef7b0158b4f9c2f95e0b748ee83b324f82c546d814577a3fc1c86514bd3193
    • SSDEEP: 49152:OSUl6vD5DxN6HHLJ9twVYhUjuW7IGWOGmcGACFvXO8KijF8RUWzG4:OSSwD5Dxk+1WOGojZTjF8uWz

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks